Bad news for security firm Kaspersky, the US Department of Homeland security banned government agencies for using software products developed by Kaspersky Labs. The ban was the response to the concerns about possible ties between Kaspersky and Russian intelligence agencies.
According to The Washington Post, which first reported the news, the order applies to all civilian government networks, but not the military ones.
In July, the US General Services Administration announced that the security firm Kaspersky Lab was deleted from lists of approved vendors.
The US government banned Kaspersky solutions amid concerns over Russian state-sponsored hacking.
Now, Homeland Security has issued a Binding Operational Directive that orders agencies to remove products developed by Kaspersky Lab within 90 days.
IT managers have 30 days to assess their infrastructure to check for the presence of Kaspersky software and 60 days to develop a plan to remove it.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the agency said in a statement.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
A Kaspersky Lab spokesperson said in a statement that the company is disappointed in the DHS decision.
“No credible evidence has been presented publicly by anyone or any organization, as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.” a spokesperson from Kaspersky told The Register.
It will provide all necessary info to demonstrate that “these allegations are completely unfounded.”
“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from 2cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.” Kaspersky spokesman said.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.”
The company rejected any allegation and also clarified that Russian policies and laws are applied to telecoms and ISPs, not security firms like Kaspersky.
Senator Jeanne Shaheen (D-N.H.), who asked US Government for taking action against Kaspersky Lab in the past, praised the decision.
Applaud DHS for heeding my call to remove all Kaspersky products from fed agencies. Kaspersky is a direct threat to national security
— Sen. Jeanne Shaheen (@SenatorShaheen) September 13, 2017
Recently the tech retailer Best Buy pulled Kaspersky products from its shelves and website
(Security Affairs – Kaspersky Lab, Cyber espionage)